This is certainly a very useful idea, and I have done something similar but it is not really in the domain of the servlet API.
I would recommend grouping users and granting permissions and checking, on each request for an operation (efficiently, of course, or it could be a real bottleneck) if the operation is allowed to the current user. I did this by calculating the intersection of the users permission set with the permission set of the requested action. I have found this to be highly flexible and easy to quickly add new users, groups, and permissions. Regards, John O'Hara At 02:49 PM 7/9/2002, you wrote: >we're writing a webapp which requires access control for various >operations. we wish to rely on the servlet container to handle >authenticating users, but we need to internally associate usernames with >sets of permissions. to make things easy on the superuser, we would like >to acquire a list of usernames in a given role instead of requiring her >to enter each username manually. i can find no way in the servlet spec >to do this. does anyone have any suggestions? > >- donald ___________________________________________________________________________ To unsubscribe, send email to [EMAIL PROTECTED] and include in the body of the message "signoff SERVLET-INTEREST". Archives: http://archives.java.sun.com/archives/servlet-interest.html Resources: http://java.sun.com/products/servlet/external-resources.html LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
